Authentication center system

ABSTRACT

This invention provides an authentication center system which enables a user to manage centrally in one authentication center the specific account information of the user&#39;s accounts at different service parties.

TECHNICAL FIELD

This invention is about the authentication center systems or methods.

BACKGROUND

Nowadays people generally use different terminals to login their ownaccounts at various websites and online service providers. And theuser's accounts at different service parties all require specificaccount information for the account, such as: head portrait, nickname,phone number, mail address, contact address, real-name authenticationinformation, etc. But there has not existed a system or method by whicha user can manage centrally at one authentication center the user'sspecific account information at different service parties.

SUMMARY

In view of the above problems, this invention provides an authenticationcenter system or method to enable a user to manage centrally in oneauthentication center the specific account information of the user'saccounts at different service parties.

An authentication center system includes an authentication center,service parties, users and terminals, and the terminal is connected withthe authentication center and the service party by a network and iscapable of communicating with either, where the user has the useraccount AUID at the authentication center, and the user has the useraccount APID at the service party, and the user is capable of using theterminal to establish the independent connection with the authenticationcenter and the service party respectively, and the user is capable oflogining the AUID and the APID through the independent connections,where the authentication center stores the corresponding relationshipsbetween the AUID of a user and the user's APIDs at the different serviceparties, where the terminal's interface which has logined a user's AUIDat the authentication center is capable of displaying the specificaccount information of the user's APIDs at different service parties,and on the terminal's interface which has logined the user's AUID at theauthentication center the user is capable of setting to change thespecific information of the user's APIDs at the different serviceparties, where the specific account information includes at least oneitem of the information which is the user's head portrait or the user'snickname or the user's contact information, where the user's contactinformation includes the user's mobile phone number or email address orboth.

Preferably, the specific account information includes the user's headportrait.

Preferably, the specific account information includes the user'snickname.

Preferably, the specific account information includes the user's contactinformation, where the user's contact information includes the user'smobile phone number or email address or both.

Optionally, the specific account information includes the user'sreal-name authentication information, and the user is capable ofoperating on the terminal's interface which has logined theauthentication center to transfer and set the user's own real-nameauthentication information passed at the authentication center to theservice party when the service party and the authentication centerpermit, or the user is capable of operating on the terminal's interfacewhich has logined the authentication center to delete or to invalidateor to delete and invalidate the user's own real-name authenticationinformation at the service party when the service party and theauthentication center permit, or the user is capable of doing the both.

Optionally, the specific account information includes the permission topermit the user's APID at the service party to pay or to receive thepayment or to do both, or includes the permission to permit the user'sAPID at the service party to pay or to receive the payment or to do boththrough the user's other fund accounts except for the service party, orincludes the both permissions above. And the user's other fund accountsexcept for the service party are the user's accounts at the banks orother institutions which are not the service party.

Optionally, the specific account information includes the historicrecords of the logins by which the different terminals or the differentprograms on the different terminals enter the user's APIDs at thedifferent service parties, and the historic records include theidentification information of the different terminals or theidentification information of the different programs on the differentterminals.

Optionally, the specific account information includes the historicrecords of the logins by which the different terminals or the differentprograms on the different terminals enter the user's APIDs at thedifferent service parties in which the logins entering the user's APIDsare accomplished through the user's login entering the AUID of theauthentication center, and the historic records include theidentification information of the different terminals or theidentification information of the different programs on the differentterminals.

Optionally, the specific account information includes the login rulesaccording to which the user logins the user's APID at the service party,wherein the login rules according to which the user logins the user'sAPID include one or several or all of the rules which include whetherthe user is capable of logining the APID simultaneously by usingdifferent terminals or different terminal programs or not, the IP rangewhich is capable of logining the APID of the user, the geographic rangein which the user is capable of logining the APID of the user, the timerange in which the user is capable of logining the APID of the user, andthe inactive duration after which the user's login entering the APIDwill be invalidated.

Optionally, when the user registers the APID through the AUID the useris capable of choosing one item of information from the multiple itemsof information which are stored at the authentication center by the userto set as the specific information in the specific account informationof the AHD which the user is registering, or when the user registers theAPID through the AUID the user is capable of choosing one from themultiple items of specific account information which are stored at theauthentication center by the user to set as the specific accountinformation of the APID which the user is registering, or when the userregisters the APID through the AUID the user is capable of accomplishingthe both above.

Optionally, the user is capable of using the authentication program onthe different terminals to login the user's AUID at the authenticationcenter, where the authentication program's interface which has loginedthe authentication center is capable of displaying the service partiesor the user's APIDs which are already associated with the user's AUID.

Preferably, the specific account information of the user's APID at theservice party is displayed on the authentication program's interfacewhich has logined the user's AUID at the authentication center, and theuser sets at the authentication program's interface which has loginedthe user's AUID at the authentication center to change the user'sspecific account information at the different service parties.

Optionally, the different service parties are independent from eachother and don't share the account security with each other, and thedifferent service parties are independent from each other and don't needto trust each other and have no trust relationship to each other, andthe different service parties don's share the account security with eachother, and a same user's APIDs at different service parties areindependent from each other and don't need to trust each other or beassociated with each other.

Optionally, there is no affiliation relationship to each other betweenthe service party and the authentication center, and the service partyand the authentication center are the entities operating independentlyrespectively.

Preferably, the terminal, the service party and the authenticationcenter are connected by internet, and the information transmissionbetween the terminal, the service party and the authentication center iscarried out through internet.

Preferably, the communication path or route of the independentconnection which the user establishes to the service party by using theterminal doesn't include or doesn't pass through the authenticationcenter, and the communication path or route of the independentconnection which the user establishes to the authentication center byusing the terminal doesn't include or doesn't pass through the serviceparty.

Optionally, the user is capable of setting at the terminal's interfacewhich has logined the user's AUID at the authentication center to permitor forbid the specific service party to get the specific accountinformation from the authentication center, and the specific serviceparty may be a specific service party or a specific type of serviceparties or all service parties.

Optionally, the service party is capable of sending the statuses of thelogins or the sessions by which the different terminals used by a userenter the user's APID at the service party to the authentication center,where after a user logins the AUID at the authentication center by usingthe current terminal the authentication center is capable of sending thestatuses of the logins or the sessions by which the different terminalsused by the user enter the user's APIDs at different service parties tothe current terminal used by the user, where on the current terminal'sinterface which has logined the user's AUID at the authentication centerthe user is capable of changing or stopping or disabling the statuses ofthe logins or the sessions by which the different terminals used by theuser enter the user's APIDs at different service parties.

An authentication center system includes an authentication center,service parties, users and terminals, and the terminal is connected withthe authentication center and the service party by a network and iscapable of communicating with either, where the user has the useraccount AUID at the authentication center, and the user has the useraccount APID at the service party, and the user is capable of using theterminal to establish the independent connection with the authenticationcenter and the service party respectively, and the user is capable oflogining the AUID and the APID through the independent connections,where the authentication center stores the corresponding relationshipsbetween the AUID of a user and the user's APIDs at the different serviceparties, where the terminal's interface which has logined a user's AUIDat the authentication center is capable of displaying the specificaccount information of the user's APIDs at different service parties,where the specific account information includes the historic records ofthe logins by which the different terminals or the different programs onthe different terminals enter the user's APIDs at the different serviceparties, and the historic records include the identification informationof the different terminals or the identification information of thedifferent programs on the different terminals.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, where the specific account informationincludes the historic records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties in which the loginsentering the user's APIDs are accomplished through the user's loginentering the AUID of the authentication center, and the historic recordsinclude the identification information of the different terminals or theidentification information of the different programs on the differentterminals.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a network structure diagram of Embodiment 1.

DETAILED DESCRIPTION Embodiment 1

In this embodiment the authentication center is a third-partyauthentication center with comprehensive functions on the internet. Inthis embodiment the service party is one of the different websites andservice providers which provide different services on the internet. Theuser is capable of using different terminals to login the authenticationcenter and is capable of using different terminals to login the serviceparties also. After the user registers at the authentication center theuser is capable of associating the user's APIDs at different serviceparties to the user's AUID at the authentication center. And theauthentication center stores the corresponding relationships between theuser's AUID and the user's APIDs at the different service parties. Andthe terminal's interface which has logined a user's AUID at theauthentication center is capable of displaying the specific accountinformation of the user's APIDs at different service parties, and on theterminal's interface which has logined the user's AUID at theauthentication center the user is capable of setting to change thespecific information of the user's APIDs at the different serviceparties. And the user is capable of using the authentication program onthe different terminals to login the user's AUID at the authenticationcenter. And the authentication program's interface which has logined theauthentication center is capable of displaying the service parties whichhave associated with the AUID or is capable of displaying the user'sAPIDs at the service parties. And when the authentication program haslogined the authentication center the user is capable of logining theuser's APIDs at the different service parties through the authenticationprogram. And when the authentication program stops working the login bywhich the authentication program enters the AUID of the authenticationcenter is invalid or invalidated too.

The user is capable of setting at the terminal's interface which haslogined the user's AUID at the authentication center to permit or forbidthe specific service party to get the specific account information fromthe authentication center. And the specific service party may be aspecific service party or a specific type of service parties or allservice parties.

When the authentication program stops working the login by which theauthentication program enters the user's AUID at the authenticationcenter is invalid or invalidated, and then only after the user passesthe authentication again on the terminal the authentication program onthe terminal is capable of logining the user's AUID at theauthentication center again.

The login is maintained by the conversation based on the conversationinformation of two parties or maintained by the connection based on thenetwork addresses of two parties. For example, the login by which theuser's terminal enters the AUID at the authentication center or thelogin by which the user's terminal enters the APID at the service partymay be based on the connectionless conversation of two parties (such asconversation secret key or Session ID), and may also be the connectionbased on the network addresses (TCPIP addresses) mapping of the twoparties.

After the user registers the AUID at the authentication center the useris capable of associating the user's APIDs at the different serviceparties with the user's AUID at the authentication center, and after theassociation the authentication center stores the correspondingrelationships between the user's AUID and the user's APIDs at thedifferent service parties.

The terminal's interface which has logined a user's AUID at theauthentication center is capable of displaying the specific accountinformation of the user's APIDs at different service parties, and on theterminal's interface which has logined the user's AUID at theauthentication center the user is capable of setting to change thespecific information of the user's APIDs at the different serviceparties.

The specific account information includes the user's contactinformation, where the user's contact information includes the user'smobile phone number or email address or both. And the user's contactinformation may include the user's contact address.

The specific account information includes the user's head portrait orthe user's nickname or both.

The specific account information includes the user's real-nameauthentication information, and the user is capable of operating on theterminal's interface which has logined the authentication center totransfer and set the user's own real-name authentication informationpassed at the authentication center to the service party when theservice party and the authentication center permit, or the user iscapable of operating on the terminal's interface which has logined theauthentication center to delete or to invalidate or to delete andinvalidate the user's own real-name authentication information at theservice party when the service party and the authentication centerpermit, or the user is capable of doing the both.

After the user passes the real-name authentication of the authenticationcenter the authentication center maintains the real-name authenticationinformation of the user. And the means that the user passes thereal-name authentication of the authentication center may be the onlineauthentication or the offline authentication.

The real-name authentication information includes the nationalidentification number of the user or the passport number of the user.

The specific account information includes the permission to permit theuser's APID at the service party to pay or to receive the payment or todo both, or includes the permission to permit the user's APID at theservice party to pay or to receive the payment or to do both through theuser's other fund accounts except for the service party, or includes theboth permissions above. And the user's other fund accounts except forthe service party are the user's accounts at the banks or otherinstitutions which are not the service party.

The user is capable of operating on the terminal's interface which haslogined the user's AUID at the authentication center to associate theuser's APID at the service party to the user's other fund accountsexcept for the service party and to authorize the user's APID at theservice party to pay with the fund of the other fund account or toreceive the payment for the other fund account or to do both.

The user is capable of operating on the terminal's interface which haslogined the user's AUID at the authentication center to cancel orinvalidate the association or the authorization of the user between theuser's APID at the service party and the user's other fund accountexcept for the service party.

The specific account information may include the user's contact address.

The specific account information may include other information of theuser's APID at the service party

When the user's terminal stops working the terminal's login entering theuser's AUID at the authentication center is invalid or invalidated.

The specific account information includes the historic records of thelogins by which the different terminals or the different programs on thedifferent terminals enter the user's APIDs at the different serviceparties, and the historic records include the identification informationof the different terminals or the identification information of thedifferent programs on the different terminals.

The specific account information includes the historic records of thelogins by which the different terminals or the different programs on thedifferent terminals enter the user's APIDs at the different serviceparties in which the login entering the user's APID are accomplishedthrough the user's login entering the AUID of the authentication center,and the historic records include the identification information of thedifferent terminals or the identification information of the differentprograms on the different terminals.

The specific terminal which is recorded or the specific program of thespecific terminal which is recorded is capable of being identified fromthe historic records. The historic record includes the login time. Thehistoric record includes the login duration.

The service party sends the records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties to the authenticationcenter, and the records include the identification information of thedifferent terminals or the identification information of the differentprograms on the different terminals.

The authentication center stores the records of the logins by which thedifferent terminals or the different programs on the different terminalsenter the user's APIDs at the different service parties in which thelogin entering the user's APID are accomplished through the user's loginentering the AUID of the authentication center, and the records includethe identification information of the different terminals or theidentification information of the different programs on the differentterminals.

The specific terminal which is recorded or the specific program of thespecific terminal which is recorded is capable of being identified fromthe records. The record includes the login time. The record includes thelogin duration.

The specific account information include the login rules according towhich the user logins the user's APID at the service party.

The login rules according to which the user logins the user's APIDinclude one or several or all of the rules following.

The login rules according to which the user logins the user's APIDinclude if the user is capable of logining the APID simultaneously byusing different terminals or different terminal programs.

The login rules according to which the user logins the user's APIDinclude the IP range which is capable of logining the APID of the user.

The login rules according to which the user logins the user's APIDinclude the geographic range in which the user is capable of loginingthe APID of the user. For example: the user is capable of logining theAPID only in China.

The login rules according to which the user logins the user's APIDinclude the time range in which the user is capable of logining the APIDof the user. For example: the user is capable of logining the APID onlywhen it's not night rest time.

The login rules according to which the user logins the user's APIDinclude the inactive duration after which the user's login entering theAPID will be invalidated

When the user has logined the user's AUID at the authentication centerthe user is capable of registering the APID at the different serviceparties through the AUID for the user.

The authentication center stores the corresponding relationships betweenthe AUID of a user and the user's APIDs at the different serviceparties.

When the user registers the APID through the AUID the user is capable ofchoosing one item of information from the multiple items of informationwhich are stored at the authentication center by the user to set as thespecific information in the specific account information of the APIDwhich the user is registering. For example: the user may choose one fromthe user's mailbox, the user's mobile phone or the user's username inthe related information of the user's AUID at the authentication centeras the user's username when the user is registering the APID.

When the user registers the APID through the AUID the user is capable ofchoosing one from the multiple pieces of specific account informationwhich are stored at the authentication center by the user to set as thespecific account information of the APID which the user is registering.For example: the user stores several different head portraits, and theuser may choose one from these different head portraits as the headportrait of the user's APID when the user is registering the APID.

When the user registers the APID through the AUID the user is capable ofchoosing on the interface which has logined the user's AUID at theauthentication center one item of information from the multiple items ofinformation which are stored at the authentication center by the user toset as the specific information in the specific account information ofthe APID which the user is registering.

The specific account information set by the user at the authenticationfor the service party, may be the specific account informationspecifically set for the service party, or may be the universal specificaccount information specifically set for the specific type of theservice parties, or may be the universal specific account informationspecifically set for all service parties, or may be the specific accountinformation set for the user's AUID at the authentication center.

The service party stores the user's APID's specific account informationat the service party locally, or when service party needs to use theuser's specific account information the service party is capable ofgetting the user's specific account information from the authenticationcenter which user set at the authentication center for the serviceparty.

The service party stores the user's APID's specific account informationat the service party locally. When the user logins the authenticationcenter to set at the authentication center to change the specificaccount information of the APID the authentication center sends theinformation about the set change to the service party.

When service party needs to use the user's specific account informationthe service party is capable of getting the user's specific accountinformation from the authentication center which user set at theauthentication center for the service party. When the user is loginingor has logined the user's APED at the service party the service party iscapable of getting the user's specific account information from theauthentication center which user set at the authentication center forthe service party.

That the user sets or operates at the authentication center refers tothat after the user logins the user's AUID at the authentication centerby using the terminal the user sets or operates on the terminal'sinterface which has logined the AUID at the authentication center.

That the user sets or operates at the authentication center refers tothat after the user logins the user's AUID at the authentication centerby using the authentication program running on the terminal the usersets or operates on the terminal's authentication program's interfacewhich has logined the AUID at the authentication center.

A user is capable of logining the same service party by using differentterminals and a user is capable of logining the same authenticationcenter by using different terminals.

The service party sends the statuses of the logins or the sessions bywhich the different terminals used by a user enter the user's APID atthe service party to the authentication center, where after a userlogins the AUID at the authentication center by using the currentterminal the authentication center is capable of sending the statuses ofthe logins or the sessions by which the different terminals used by theuser enter the user's APIDs at different service parties to the currentterminal used by the user, where on the current terminal's interfacewhich has logined the user's AUID at the authentication center the useris capable of changing or stopping or disabling the statuses of thelogins or the sessions by which the different terminals used by the userenter the user's APIDs at different service parties.

After a user logins the AUID of the authentication center by using thecurrent terminal the authentication center is capable of sending thestatuses of the logins or the sessions by which the different terminalsused by the user enter the user's APIDs at different service parties tothe current terminal used by the user. On the current terminal'sinterface which has logined the user's AUID at the authentication centerthe user is capable of changing or stopping or disabling the statuses ofthe logins or the sessions by which the different terminals used by theuser enter the user's APIDs at different service parties.

A user is capable of setting at the authentication center to permit orforbid the specific terminal to login the user's APID at the specificservice party. And the specific terminal may be the terminal notregistered at the authentication center or the terminal not associatedwith the user's AUID at the authentication center or the terminal of aspecific type or a specific terminal or all terminals. When a userlogins the APID at the service party by using a terminal the serviceparty sends the “terminal identification information” to theauthentication center and then the authentication center returns theconfirmation which permits or forbids the login, or a user must loginthe user's APID at the service party by logining the authenticationcenter first and then the authentication center decides directly if thelogin by which the user's terminal enters the service party ispermitted. For example: a user is capable of setting at theauthentication center to permit or forbid the mobile terminal to loginthe user's account at the payment platform.

A user is capable of setting at the authentication center to forbid theterminal which is not registered in the authentication center or notassociated with the user's AUID at the authentication center to loginthe user's APID at the specific service party or the user's APIDs at allservice parties.

A user is capable of setting at the authentication center or theauthentication center is capable of setting automatically by defaultthat the specific terminal must login the user's APID at the specificservice party through the authentication center or the specific terminalis capable of logining the user's APID only when the user has loginedthe user's AUID by the authentication program. And the specific terminalmay be the terminal not registered at the authentication center or theterminal not associated with the user's AUID at the authenticationcenter or the terminal of a specific type or a specific terminal or allterminals. For example: when a user logins the user's APID at theservice party by using the specific terminal the specific terminal mustrequest and get the authentication certificate for this login, and thenthe specific terminal transfers the authentication certificate to theservice party, and only after the service party verifies that theauthentication certificate is correct the service party will permit thespecific terminal to login the user's AHD.

A user is capable of setting at the authentication center to permit orforbid the specific terminal to use the specific function of thespecific service party. And the specific terminal may be the terminalnot registered at the authentication center or the terminal notassociated with the user's AUID at the authentication center or theterminal of a specific type or a specific terminal or all terminals. Forexample, a user is capable of setting at the authentication center toforbid the mobile terminal to pay or transfer accounts through theuser's account at a third-party payment platform.

When the user logins the user's APID at the specific service party or atall service parties by using the terminal which is not registered in theauthentication center or not associated with the user's AUID at theauthentication center, the authentication center sends the request forconfirmation to the user, and only after the user confirms to theauthentication center the terminal is capable of logining the user'sAPID.

After the user has logined the user's AUID at the authentication centerby using the authentication program on the terminal, one example of theinterface structure of the authentication program is like the followingtable. The following table is just a typical example and the exactinterface structure may be other forms or be transformed. In thefollowing table, the user's AUID at the authentication center isUsername 1, the user's APIDs at the service party A and B are Username 2and Username 3. There may be more service parties which are similar tothe service party A and B.

user's AUID Username 1 the name of the the user's the name of the thecontent of the service party APID account information accountinformation Service party A Username 2 Nickname None Head portrait“displaying the head portrait here” Authenticated 1234567890 mobilephone Authenticaed mail OK@OK.com box real-name ID number:authentication 1234567890 Service party B Username 3 Nickname None Headportrait “displaying the head portrait here” Authenticated 1234567890mobile phone Authenticaed mail OK@OK.com box real-name ID number:authentication 1234567890 Service party C . . . . . . . . . . . . . . .. . . . . .

The embodiment 1 may have any step or characteristic applicable in thefollowing description besides the description above, or technicalpersonnel in the field may transform or change the embodiment 1according to any step or characteristic applicable in the followingdescription to realize this invention in the way different from thedescription above. The realizations or embodiments of this invention areimpossible to be exhausted in this invention description, but thetechnical personnel in the field may transform or change the schemes ofthis invention according to the following description and these schemestransformed or changed obviously belong to the scope which thisinvention description has disclosed or supported.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the specific account informationincludes the user's contact information, where the user's contactinformation includes the user's mobile phone number or email address orboth.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's MAD at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the specific account informationincludes the user's head portrait or the user's nickname or both.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the specific account informationincludes the user's real-name authentication information, and the useris capable of operating on the terminal's interface which has loginedthe authentication center to transfer and set the user's own real-nameauthentication information passed at the authentication center to theservice party when the service party and the authentication centerpermit, or the user is capable of operating on the terminal's interfacewhich has logined the authentication center to delete or to invalidateor to delete and invalidate the user's own real-name authenticationinformation at the service party when the service party and theauthentication center permit, or the user is capable of doing the both.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the specific account informationincludes the permission to permit the user's APID at the service partyto pay or to receive the payment or to do both, or includes thepermission to permit the user's APID at the service party to pay or toreceive the payment or to do both through the user's other fund accountsexcept for the service party, or includes the both permissions above.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the user is capable of using theauthentication program on the different terminals to login the user'sAUID at the authentication center, where the authentication program'sinterface which has logined the authentication center is capable ofdisplaying the service parties or the user's APIDs which are alreadyassociated with the user's AUID, when the authentication program hasalready logined the authentication center the user is capable oflogining the user's APIDs at the different service parties through theauthentication program, where when the authentication program or theterminal stops working the login by which the authentication programenters the authentication center is invalid or invalidated too.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account AHD at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, where the specific account informationincludes the historic records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties, and the historic recordsinclude the identification information of the different terminals or theidentification information of the different programs on the differentterminals.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, where the specific account informationincludes the historic records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties in which the loginsentering the user's APID are accomplished through the user's loginentering the AUID of the authentication center, and the historic recordsinclude the identification information of the different terminals or theidentification information of the different programs on the differentterminals.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user has theuser account APID at the service party, and the user is capable of usingthe terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, where the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, where the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, where the specific account informationincludes the login rules according to which the user logins the user'sAPID at the service party.

An authentication center system or method includes an authenticationcenter, service parties, users and terminals, and the terminal isconnected with the authentication center and the service party by anetwork and is capable of communicating with either, where the user hasthe user account AUID at the authentication center, and the user iscapable of registering the user account APID at the service party, andthe user is capable of using the terminal to establish the independentconnection with the authentication center and the service partyrespectively, and the user is capable of logining the AUID and the APIDthrough the independent connections respectively, where when the userhas logined the user's AUID at the authentication center the user iscapable of registering the APID at the different service parties throughthe AUID for the user, where the authentication center stores thecorresponding relationships between the AUID of a user and the user'sAPIDs at the different service parties, where when the user registersthe APID through the AUID the user is capable of choosing one item ofinformation from the multiple items of information which are stored atthe authentication center by the user to set as the specific informationin the specific account information of the APID which the user isregistering, or when the user registers the APID through the AUID theuser is capable of choosing one from the multiple pieces of specificaccount information which are stored at the authentication center by theuser to set as the specific account information of the APID which theuser is registering, or when the user registers the APID through theAUID the user is capable of accomplishing the both above.

The login rules according to which the user logins the user's APIDinclude the IP range which is capable of logining the APID of the user.

When the user registers the APID through the AUID the user is capable ofchoosing on the interface which has logined the user's AUID at theauthentication center one from the multiple pieces of specific accountinformation which are stored at the authentication center by the user toset as the specific account information of the APID which the user isregistering.

The user uses the authentication program on the terminal to login theauthentication center.

The user sets or operates the authentication center on the terminal'sauthentication program's interface which has logined the AUID at theauthentication center.

The user is capable of operating to choose to login different serviceparties on the terminal's authentication program's interface which haslogined the AUID at the authentication center.

The program which the user uses to login the service party is theauthentication program, or the program which the user uses to login theservice party is not the authentication program. For example: when theauthentication program is a browser, the user is capable of logining theservice party by the same browser. For example: when the authenticationprogram is the special program issued by the authentication center theuser is capable of logining the service party by a new browser opened bythe authentication program.

The user is capable of logining the service party by one click on theterminal's authentication program's interface which has logined the AUIDat the authentication center. For example, the user clicks on a link tothe service party on the authentication program's interface, and thenthe terminal of the user logins the service party directly.

The specific account information of the user's APID at the service partyis displayed on the authentication program's interface which has loginedthe user's AUID at the authentication center, and the user sets at theauthentication program's interface which has logined the user's AUID atthe authentication center to change the user's specific accountinformation at the different service parties.

When the user's terminal or the authentication program stop running, theterminal's or the authentication program's login entering the user'sAUID at the authentication center is invalid or invalidated too.

When the login by which the user's terminal or the authenticationprogram enters the user's AUID at the authentication center is invalid,the user must input again the user verification information into theterminal or use the verification device on the terminal to pass theidentity authentication and only then the terminal or the authenticationprogram is capable of logining again the user's AUID at theauthentication center. For example: the user's terminal is a mobilephone which opens the operating system's interface by fingerprintidentification, and the user must use the fingerprint to reopen themobile phone's operating system's interface after the mobile phone isshut down, and the mobile phone is capable of logining again the user'sAUID at the authentication center only after the interface of the mobilephone is open, and of course, the mobile phone may need pass otherauthentication or the authentication of the authentication center tologin the user's AUID at the authentication center after the user opensthe interface of the operating system of the mobile phone.

The user is capable of logining the service party without passingthrough the authentication center, or the user is capable of loginingthe service party through the authentication center by using theterminal when the terminal has logined the authentication center. Forexample, the user clicks the link to the service party on the terminal'sinterface which has logined the authentication center, and theauthentication transfers the verification credential to the serviceparty through the user's terminal, and the credential may beretransmitted by the authentication program or by other programs on theterminal, and at last if the service party confirms that the credentialis correct the user's terminal logins the user's APID at the serviceparty by the program which retransmits the verification credential

Each time the user logins the service party through the authenticationcenter by using the terminal, the authentication center sends theverification credential to the service party directly or through theuser's terminal.

The verification credential is specifically used for the service partyby the authentication center, and the verification credential is notcapable of being used to login other service parties.

The verification credential is specifically used for the user or theuser's terminal and by the authentication center, and other users orother user's terminals is not capable of using the verificationcredential to login the service party.

The verification credential has the period of validity and the expiredverification credential is invalid.

When the user login the service party through the authentication center,the service party is not capable of pretending to be the user to loginother service parties through the logins by which the user enters theservice party. For example, the verification credential is usedspecifically for the service party by the authentication center, and theservice party is not capable of pretending to be the user to login otherservice parties by using the verification credential received by theservice party.

When the status of the login or the session by which the terminal entersa user's APID at the service party is invalid, it's only after the userinputs the user verification information into the terminal, or after theuser passes the identity authentication by using the verificationdevice, or after the user passes the indirect authentication of thethird party on the terminal, that the terminal is capable of loginingthe user's APID at the service party, and then the status of the loginor the session by which the terminal enters the user's APED at theservice party is capable of changing to be valid.

When the status of the login or the session by which the terminal entersa user's AUID at the authentication center is invalid, it's only afterthe user inputs the user verification information into the terminal, orafter the user passes the identity authentication by using theverification device, or after the user passes the indirectauthentication of the third party on the terminal, that the terminal iscapable of logining the user's AUID at the authentication center, andthen the status of the login or the session by which the terminal entersthe user's AUID at the authentication center is capable of changing tobe valid.

The user verification information or the user verification device is theinformation or the device uniquely owned by the user and by which theuser is capable of passing the identity authentication on the differentterminals. The “inputting the user verification information into theterminal” refers to inputting into the terminal by the input device ofthe terminal or by other device.

The user verification device is portable external device.

That the user inputs the user verification information into the terminalor that the user uses the user verification device refers to that theuser inputs the user verification information manually or that the useruses the user verification device manually.

The means of inputting the user verification information or the means ofusing user verification device include username/password, returning codeor agreed code, user biological characteristics, portable external ICcard, and scanning two-dimensional code by mobile phone. Andusername/password, returning code, agreed code, and user biologicalcharacteristics are the user verification information. And mobile phoneand portable external IC card are the user verification device. And thereturning code is the means that the authentication center or theservice party returns a confirmation code to the specific terminal ofthe user and the user inputs it into the current terminal to pass theidentity authentication of the authentication center or the serviceparty. And the agreed code may be paper-based or electronic dynamicpassword and the user must input the agreed code of designated sequencenumber or input the dynamic password displayed currently to pass theauthentication. And the user biological characteristics is the meansthat user uses his own biological characteristics to pass the identityauthentication, for example, the fingerprint of the user. And theportable external IC card is the means of USB key and the user mustconnect the IC(USB key) to the peripheral interface (USB interface) ofthe terminal to pass the authentication. And the scanningtwo-dimensional code by mobile phone refers to the means that the useruses the camera of the mobile phone to scan the two-dimensional code forlogin displayed by a terminal displayer and then the mobile phone sendsthe information of the two-dimensional code to the party which islogined or to the third party assisting the login, in which the partywhich is logined permits the terminal of the user to login thecorresponding user account of the party which is logined if the partywhich is logined or the third party confirms that the information of thetwo-dimensional code is correct, in which the third party will notifythe party which is logined after the third party confirms that theinformation of the two-dimensional code is correct.

When a user uses the terminal to login the service party, the thirdparty refers to another party different from the terminal and theservice party on the network. When the terminal logins the service partythrough the indirect authentication of the third party, theauthentication center may be the third party which provides the indirectauthentication of the third party.

When a user logins the authentication center by using the terminal, thethird party refers to another party different from the terminal and theauthentication center on the network.

Before a user passes the indirect authentication of the third party tologin the service party or the authentication center, the user haspassed the identity authentication of the third party on the terminal byinputting the user verification information or using the userverification device. And in the procedure the terminal logins theservice party or the authentication center through the indirectauthentication of the third party, the user doesn't need to perform theauthentication of the third party on the terminal by inputting the userverification information or using the user verification device. And thethird party is the third party or intermediary party which provides theindirect authentication of the third party on internet.

A user may pass the login authentication of the service party throughthe authentication center after logins the authentication center byusing the terminal and login the service party by using the terminalafter passes the login authentication of the service party. And if thestatus of the authentication of the user's terminal at theauthentication center is valid the user may login different serviceparties by one click on the terminal. And that a user logins the serviceparty by passing the indirect authentication with the authenticationcenter as the third party includes two steps, and the first step is thatthe user passes the identity authentication of the authenticationcenter, and the second step is that the user passes the loginauthentication of the service party through the authentication centerand logins the service party. And the first step requires that the useruses the user verification information or the user verification deviceon the terminal, and the second step doesn't need the user verificationinformation or the user verification device.

After a user logins the authentication center by using the currentterminal the list of the user's APIDs at the different service partiesassociated with the authentication center will be displayed on theinterface of the current terminal which the user is using when theinterface has logined the authentication center.

The user logins the authentication center by using an authenticationprogram on the terminal. And the user is capable of setting the statusesof the logins or the sessions on the interface of the authenticationprogram.

The user logins the user's APIDs at different service parties throughthe authentication center by using the authentication program. The usermay login the user's APIDs at different service parties by one click onthe interface of the authentication program.

The user is not capable of logining the service party through theauthentication program when the authentication program stops running,and only when the user logins the authentication center by using theauthentication program the user is capable of logining the user's APIDat the service party through the authentication program.

The user is capable of using other program which is not theauthentication program to login the user's APID at the service partythrough the authentication program.

If the authentication program on the terminal is running and the statusof the login by which the authentication program enter the user's AUIDat the authentication center maintains valid, the authentication programwill participate in the steps of transferring the “terminalidentification information” of the terminal or the “terminal serviceparty identification information” to the service party when the userlogins the service party.

If the authentication program on the terminal maintains running and thestatus of the login by which the terminal enters the user's AUID at theauthentication center maintains valid, the authentication program willparticipate in the procedure that the user logins the user's APID at theservice party by using the terminal. When the authentication programparticipate in the procedure that the user logins the user's APID at theservice party by using the terminal the user's terminal may login theservice party by the authentication program or by other program which isnot the authentication program. The authentication program may be theweb browser or the specific program which is not the web browser.

The service party is not capable of pretending to be the user to loginother service parties through the logins by which the user enters theservice party.

The different service parties are independent from each other and don'tshare the account security with each other. The different serviceparties are independent from each other and don't need to trust eachother and have no trust relationship to each other. The differentservice parties don's share the account security with each other.

A same user's APIDs at different service parties are independent fromeach other and don't need to trust each other or be associate with eachother.

There is no mutual membership relation to each other between the serviceparty and the authentication center. And the service party and theauthentication center are the entities operating independentlyrespectively.

The terminal, the service party and the authentication center areconnected by internet. And information transmission between theterminal, the service party and the authentication center is carried outthrough internet.

The authentication center and the service party may be the server or theserver group. And the service party may be internet service providerwhich provides the resources and services to the user on internet, suchas website. And the authentication center is internet operatorspecialized in providing the authentication login service on internet.

The terminal used by the user may be PC, desktop computer, notebookcomputer, tablet computer or smart mobile phone.

The communication path or route of the independent connection which theuser establishes to the service party by using the terminal doesn'tinclude or doesn't pass through the authentication center. Thecommunication path or route of the independent connection which the userestablishes to the authentication center by using the terminal doesn'tinclude or doesn't pass through the service party.

The authentication center stores the corresponding relationships betweena user's AULD at the authentication center and the user's APIDs at thedifferent service parties, and specially it may be: the authenticationcenter stores correspondingly the user's AUID at the authenticationcenter and the user's APIDs at the different service parties. Thecorresponding relationship between the AUID and the APID is associatedby the user at the authentication center or at the service party, andafter the user associates at the service party the service party sendsthe notification of the association or the confirmation of theassociation to the authentication center.

The service party stores the corresponding relationship between theuser's AUID at the authentication center and the user's APID at theservice party too. And after the user associates the AUID and the APIDat the authentication center or at the service party, the service partystores the APID and the AUID correspondingly too.

The different terminals of a same user connect to the network orinternet independently from each other.

This invention may form to be a standardized protocol, and theauthentication center, the service party, the user and the terminals mayrealize this invention based on this protocol. And the authenticationcenter may develop the programs or software modules based on thisprotocol to provide to the service party and the user to cooperate torealize this invention.

1. An authentication center system includes an authentication center,service parties, users and terminals, and is characterized in that theterminal is connected with the authentication center and the serviceparty by a network and is capable of communicating with either, whereinthe user has the user account MAD at the authentication center, and theuser has the user account APID at the service party, and the user iscapable of using the terminal to establish the independent connectionwith the authentication center and the service party respectively, andthe user is capable of logining the AUID and the APID through theindependent connections, wherein the authentication center stores thecorresponding relationships between the AUID of a user and the user'sAPIDs at the different service parties, wherein the terminal's interfacewhich has logined a user's AUID at the authentication center is capableof displaying the specific account information of the user's APIDs atdifferent service parties, and on the terminal's interface which haslogined the user's AUID at the authentication center the user is capableof setting to change the specific information of the user's APIDs at thedifferent service parties, wherein the specific account informationincludes at least one item of the information which is the user's headportrait or the user's nickname or the user's contact information,wherein the user's contact information includes the user's mobile phonenumber or email address or both.
 2. The authentication center systemaccording to claim 1, characterized in that the specific accountinformation includes the user's head portrait.
 3. The authenticationcenter system according to claim 1, characterized in that the specificaccount information includes the user's nickname.
 4. The authenticationcenter system according to claim 1, characterized in that the specificaccount information includes the user's contact information, wherein theuser's contact information includes the user's mobile phone number oremail address or both.
 5. The authentication center system according toclaim 1, characterized in that the specific account information includesthe user's real-name authentication information, and the user is capableof operating on the terminal's interface which has logined theauthentication center to transfer and set the user's own real-nameauthentication information passed at the authentication center to theservice party when the service party and the authentication centerpermit, or the user is capable of operating on the terminal's interfacewhich has logined the authentication center to delete or to invalidateor to delete and invalidate the user's own real-name authenticationinformation at the service party when the service party and theauthentication center permit, or the user is capable of doing the both.6. The authentication center system according to claim 1, characterizedin that the specific account information includes the permission topermit the user's APID at the service party to pay or to receive thepayment or to do both, or includes the permission to permit the user'sAPID at the service party to pay or to receive the payment or to do boththrough the user's other fund accounts except for the service party, orincludes the both permissions above.
 7. The authentication center systemaccording to claim 1, characterized in that the specific accountinformation includes the historic records of the logins by which thedifferent terminals or the different programs on the different terminalsenter the user's APIDs at the different service parties, and thehistoric records include the identification information of the differentterminals or the identification information of the different programs onthe different terminals.
 8. The authentication center system accordingto claim 1, characterized in that the specific account informationincludes the historic records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties in which the loginsentering the user's APIDs are accomplished through the user's loginentering the AUID of the authentication center, and the historic recordsinclude the identification information of the different terminals or theidentification information of the different programs on the differentterminals.
 9. The authentication center system according to claim 1,characterized in that the specific account information includes thelogin rules according to which the user logins the user's APID at theservice party, wherein the login rules according to which the userlogins the user's APID include one or several or all of the rules whichinclude whether the user is capable of logining the APID simultaneouslyby using different terminals or different terminal programs or not, theIP range which is capable of logining the APID of the user, thegeographic range in which the user is capable of logining the APID ofthe user, the time range in which the user is capable of logining theAPID of the user, and the inactive duration after which the user's loginentering the APID will be invalidated.
 10. The authentication centersystem according to claim 1, characterized in that when the userregisters the APID through the AUID the user is capable of choosing oneitem of information from the multiple items of information which arestored at the authentication center by the user to set as the specificinformation in the specific account information of the APID which theuser is registering, or when the user registers the APID through theAUID the user is capable of choosing one from the multiple items ofspecific account information which are stored at the authenticationcenter by the user to set as the specific account information of theAPID which the user is registering, or when the user registers the APIDthrough the AUID the user is capable of accomplishing the both above.11. The authentication center system according to claim 1, characterizedin that the user is capable of using the authentication program on thedifferent terminals to login the user's AUID at the authenticationcenter, wherein the authentication program's interface which has loginedthe authentication center is capable of displaying the service partiesor the user's APIDs which are already associated with the user's AUID.12. The authentication center system according to claim 1, characterizedin that the specific account information of the user's APID at theservice party is displayed on the authentication program's interfacewhich has logined the user's AUID at the authentication center, and theuser sets at the authentication program's interface which has loginedthe user's AUID at the authentication center to change the user'sspecific account information at the different service parties.
 13. Theauthentication center system according to claim 1, characterized in thatthe different service parties are independent from each other and don'tshare the account security with each other, and the different serviceparties are independent from each other and don't need to trust eachother and have no trust relationship to each other, and the differentservice parties don's share the account security with each other, and asame user's APIDs at different service parties are independent from eachother and don't need to trust each other or be associated with eachother.
 14. The authentication center system according to claim 1,characterized in that there is no affiliation relationship to each otherbetween the service party and the authentication center, and the serviceparty and the authentication center are the entities operatingindependently respectively.
 15. The authentication center systemaccording to claim 1, characterized in that the terminal, the serviceparty and the authentication center are connected by internet, and theinformation transmission between the terminal, the service party and theauthentication center is carried out through internet.
 16. Theauthentication center system according to claim 1, characterized in thatthe communication path or route of the independent connection which theuser establishes to the service party by using the terminal doesn'tinclude or doesn't pass through the authentication center, and thecommunication path or route of the independent connection which the userestablishes to the authentication center by using the terminal doesn'tinclude or doesn't pass through the service party.
 17. Theauthentication center system according to claim 1, characterized in thatthe user is capable of setting at the terminal's interface which haslogined the user's AUID at the authentication center to permit or forbidthe specific service party to get the specific account information fromthe authentication center, and the specific service party may be aspecific service party or a specific type of service parties or allservice parties.
 18. The authentication center system according to claim1, characterized in that the service party is capable of sending thestatuses of the logins or the sessions by which the different terminalsused by a user enter the user's APID at the service party to theauthentication center, wherein after a user logins the AUID at theauthentication center by using the current terminal the authenticationcenter is capable of sending the statuses of the logins or the sessionsby which the different terminals used by the user enter the user's APIDsat different service parties to the current terminal used by the user,wherein on the current terminal's interface which has logined the user'sAUID at the authentication center the user is capable of changing orstopping or disabling the statuses of the logins or the sessions bywhich the different terminals used by the user enter the user's APIDs atdifferent service parties.
 19. An authentication center system includesan authentication center, service parties, users and terminals, and ischaracterized in that the terminal is connected with the authenticationcenter and the service party by a network and is capable ofcommunicating with either, wherein the user has the user account AUID atthe authentication center, and the user has the user account APID at theservice party, and the user is capable of using the terminal toestablish the independent connection with the authentication center andthe service party respectively, and the user is capable of logining theAUID and the APID through the independent connections, wherein theauthentication center stores the corresponding relationships between theAUID of a user and the user's APIDs at the different service parties,wherein the terminal's interface which has logined a user's AUID at theauthentication center is capable of displaying the specific accountinformation of the user's APIDs at different service parties, whereinthe specific account information includes the historic records of thelogins by which the different terminals or the different programs on thedifferent terminals enter the user's APIDs at the different serviceparties, and the historic records include the identification informationof the different terminals or the identification information of thedifferent programs on the different terminals.
 20. An authenticationcenter system or method includes an authentication center, serviceparties, users and terminals, and is characterized in that the terminalis connected with the authentication center and the service party by anetwork and is capable of communicating with either, wherein the userhas the user account AUID at the authentication center, and the user hasthe user account APID at the service party, and the user is capable ofusing the terminal to establish the independent connection with theauthentication center and the service party respectively, and the useris capable of logining the AUID and the APID through the independentconnections, wherein the authentication center stores the correspondingrelationships between the AUID of a user and the user's APIDs at thedifferent service parties, wherein the terminal's interface which haslogined a user's AUID at the authentication center is capable ofdisplaying the specific account information of the user's APIDs atdifferent service parties, wherein the specific account informationincludes the historic records of the logins by which the differentterminals or the different programs on the different terminals enter theuser's APIDs at the different service parties in which the loginsentering the user's APIDs are accomplished through the user's loginentering the AUID of the authentication center, and the historic recordsinclude the identification information of the different terminals or theidentification information of the different programs on the differentterminals.